BarCampSD5 (5/30-31/09) Notes, Day 2.

Cloud computing is not just applications on the internet. Talked about cloud for versioning, image management (disk image, not pictures) – problems there with proper password expiry policies – reconstituting an old image with an old password you can’t use anymore… Cool developments: auto-scaling. Lots of questions from folks about security and HIPAA…
—————————————-

11:30 Getting Organized with a wiki…. by another speaker who did not introduce himself.
Talked about tools he’s tried for personal organization.
Uses editme.com, iCal -> 30 boxes -> feed
Editgrid.com: likes this better than gdocs because you can embed it into a wiki, unlike gdocs (although I think you can embed them now with the new tools?)
Lets you make users so you can have people log in and have access to not quite everything.
Search works well. You can add comments, and you can search everything.
Advantage of wiki vs EverNote: linking pages to any other random pages.
Tiddlywiki is really cool, especially if you know JavaScript tricks.

And then people started sharing what they use. Interesting, but we ran out of time FAST.

——————————————————————–

I did some windowshopping of sessions, hallway conversations etc. Brain getting full.
———————————————–

2:00 – Race to the bottom – gebl (Gabe Lawrence, IT security at UCSD)
As processors get smaller and cheaper, potential to put smarts into all kinds of things – demoed Arduino, looked at hacked cellphone GPS tracker… show & tell with tiny toys.

———————————————-
2:30 Peoplehacking part 2 with Viss
YouTube: Derren Brown dogtrack video – hacking people who are working on autopilot.
– smack is NLP, interruption.
– this is the dog you’re looking for – the jedi mind trick.

Various other videos of “tells” when folks are lying. A lot of this struck me as hooey, but I know lots of smart people take it really seriously so who knows.

—————————-
4:00 A Practical Approach to Password Construction / Tony Su
Talked about passwords as component of security. Knowing thy enemy: important to know what crackers do, how far they’re going to go, what tools they use.
Cracking:
– brute force cracking / dictionary cracking
– anonymous target: possible chance selection, generic dictionaries, attack a whole IP block, hit and run.
– focused target: selective vocabulary/dictionaries, specific methods for specific vulnerabilities. Becoming more prevalent.
– “rainbow tables” tools for hackers.
– Common cracking rules. Use complex pws, crackers know common character substitutions. 2 for to, 4 for for, etc.
– Similar technologies are used to identify spam – these rules are out there, well known.
– 15 characters min, 23 characters better.
– Want to make your method of creating passwords as unpredictable as possible.
– Length of words is more important than complexity.
– to be effective at reaching 128-bit encryption level safety you need upper/lower, numbers and punctuation of 20 chars.
– special characters requiring multi-key combinations: more difficult for your users, but probably NOT harder for crackers.
– Foreign words: use non-Romance language words.
– Recommendation: each time you change the password, add some characters to the end.

http://www.su-networking.com
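An added example, not from the talk or these notes: a small password-policy check that ties the points above together. It undoes the well-known substitutions before a dictionary lookup and computes the brute-force search space in bits, which shows why 20 characters of mixed upper/lower, numbers and punctuation clear 128 bits while a short "complex" password does not. The wordlist, the character substitution table and all function names are assumptions made for this example.

```python
import math
import string

# Constructed sample wordlist; a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "forever", "today", "letmein"}
# Word-level swaps named in the notes ("2 for to, 4 for for").
WORD_SUBS = {"2": "to", "4": "for"}
# Character-level swaps: an assumed, constructed table for this example.
CHAR_SUBS = {"@": "a", "4": "a", "0": "o", "1": "l", "3": "e", "5": "s", "$": "s", "7": "t"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def pool_size(pw):
    """Size of the character set a brute-force search must cover for pw."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    others = {c for c in pw if not any(c in cls for cls in CLASSES)}
    return pool + len(others)

def brute_force_bits(pw):
    """log2 of the search space; an upper bound that assumes random characters."""
    pool = pool_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0

def min_length(pool, target_bits=128):
    """Shortest length whose search space reaches target_bits for this pool."""
    return math.ceil(target_bits / math.log2(pool))

def dictionary_hit(pw):
    """Return the dictionary word pw reduces to after known substitutions, else None."""
    core = pw.lower().rstrip(string.digits + string.punctuation)  # drop appended chars
    word_level = core
    for sub, word in WORD_SUBS.items():
        word_level = word_level.replace(sub, word)
    char_level = "".join(CHAR_SUBS.get(c, c) for c in core)
    for candidate in (core, word_level, char_level):
        if candidate in SAMPLE_WORDS:
            return candidate
    return None

def assess(pw, target_bits=128):
    """Reject dictionary-derived passwords and those below the target search space."""
    hit = dictionary_hit(pw)
    bits = brute_force_bits(pw)
    return {"dictionary_word": hit, "bits": round(bits, 1),
            "ok": hit is None and bits >= target_bits}

if __name__ == "__main__":
    for sample in ("P@ssw0rd1", "4ever!", "aB3$efgh", "q" * 23, "aB3$" * 5):
        print(sample, assess(sample))
```

The bit count only holds for randomly chosen characters, so the dictionary check takes precedence over it.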

——————————————————

4:30 Information Banking / “some stats guy.”
My name’s Dave. I study statistics. I datamine for fun. I really like the firehose.
Ranting about how much information we give away even though it’s like money.
Think of data in terms of money. There is an exchange rate for a bit of information for money.
Information is a currency you can spend over and over.
Instead of us spreading data around, proposes bringing applications TO data that you store, and decide how much to give to whom. Example FBML: Facebook markup language: to keep applications from getting too much access to you.
Google FriendConnect is a similar model.

Righteous rant, dude.

Discussion:
how to bring the average consumer into this. They are voting with their feet.

————————–

5:00 Free Drinks with Rich and Creamy
Richandcreamy is another San Diego legend, and a people hacker in his own way. Talking about how to get free drinks and stuff in bars and shows. Brought drinks. Good to end on a fun note.

META: 30 minutes too short – especially if they have to give a 101 first. Never get to the discussion.